Port Forwarding Firewall

TCoreX

Regular Contributor
Hi there,

I'm struggling with port sharing 32400.
Without a firewall, port sharing works and I can access Plex.
However, when I turn on the firewall, sharing is blocked.

How can I expose the port even if the firewall is active?
 

ColinTaylor

Part of the Furniture
"port sharing" - presumably you mean port forwarding?

What firewall? The one on your router or the one on the device hosting the Plex server?

What is your router model and what firmware version are you using?
 

TCoreX

Regular Contributor
To come along briefly:

I have an Asus RT-AC86U running Merlin 384.15.alpha1.
I set up a Plex Media Server, using Entware and Debian Stretch. That works perfectly in the local network. However, I also want to access it from outside and have enabled the port release 32400 of the Plex server. This gives me external access to the server. However, when the firewall of the router is switched on, the port is blocked and can no longer be accessed from outside. How can I solve the problem?
 

ColinTaylor

Part of the Furniture
Can you post a screenshot of your port forwarding rule?
 

TCoreX

Regular Contributor
I am currently not at home but can say what I have entered:

Service name: PLEX
Source IP: 80.X.X.X (censored)
Port range: 32400
Local IP: 80.X.X.X (censored)
Local port: 32400
Protocol: TCP

I've tried several variants, but external with the firewall turned on, no chance.

The two IPs are the same, is output by the Plex Server so that the server runs directly via the router, as already described above.
 

ColinTaylor

Part of the Furniture
> I am currently not at home but can say what I have entered:
>
> Service name: PLEX
> Source IP: 80.X.X.X (censored)
> Port range: 32400
> Local IP: 80.X.X.X (censored)
> Local port: 32400
> Protocol: TCP
>
> I've tried several variants, but external with the firewall turned on, no chance.
>
> The two IPs are the same, is output by the Plex Server so that the server runs directly via the router, as already described above.

You can't port forward to and from your external IP address.

So it sounds like you are running Plex on the router and not a separate server. Assuming your router's internal IP address is 192.168.1.1 try:

Service name: PLEX
Source IP: <blank>
Port range: 32400
Local IP: 192.168.1.1
Local port: 32400
Protocol: TCP
 

TCoreX

Regular Contributor
> Clear this box (leave it empty)
>
> Also you can't port forward to your router from within the router settings. This needs to be done through a script with ipsets

How do I handle it? :)
 

TCoreX

Regular Contributor
> You can't port forward to and from your external IP address.
>
> So it sounds like you are running Plex on the router and not a separate server. Assuming your router's internal IP address is 192.168.1.1 try:
>
> Service name: PLEX
> Source IP: <blank>
> Port range: 32400
> Local IP: 192.168.1.1
> Local port: 32400
> Protocol: TCP

The same is true, the server is running on the router :)
Ok, I will do it later and also report on it.
 

beady_uk

Occasional Visitor
> How do I handle it? :)

I'm not the right person to help. I have something similar set up for transmission but I used scripts I found in this forum and manipulated them to fit my needs. Someone else with better knowledge will hopefully help.
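
The scripted approach mentioned above, as an added example that is not part of the original thread and not any poster's script: because Plex runs on the router itself, the port has to be accepted in the INPUT chain rather than forwarded, and an ipset allow-list keeps it closed to everyone else. It assumes Asuswrt-Merlin custom scripts are enabled and that this file is `/jffs/scripts/firewall-start`; the set name and source addresses are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed to live in
# /jffs/scripts/firewall-start, which Asuswrt-Merlin runs with the WAN
# interface name as $1 whenever it rebuilds the firewall.

PLEX_PORT=32400        # port from the thread
SET_NAME=plex_allow    # hypothetical ipset name
# Constructed sample sources (documentation ranges); replace with real ones.
ALLOWED_SOURCES="198.51.100.0/24 203.0.113.7"

# Print the commands that accept PLEX_PORT on the router itself (INPUT
# chain, not a forward), only from sources in the allow-list.
plex_rules() {
    wan_if=$1
    match="-i $wan_if -p tcp --dport $PLEX_PORT -m set --match-set $SET_NAME src -j ACCEPT"
    echo "ipset -exist create $SET_NAME hash:net"
    echo "ipset flush $SET_NAME"
    for src in $ALLOWED_SOURCES; do
        echo "ipset -exist add $SET_NAME $src"
    done
    # Remove an earlier copy first so firewall restarts do not stack rules.
    echo "iptables -D INPUT $match"
    echo "iptables -I INPUT $match"
}

# Execute the printed commands; only the delete is allowed to fail
# (the rule does not exist on the first run).
apply_plex_rules() {
    plex_rules "$1" | while read -r cmd; do
        case $cmd in
            "iptables -D "*) $cmd 2>/dev/null || true ;;
            *) $cmd || exit 1 ;;
        esac
    done
}

# Dry run by default (prints the commands); set APPLY=1 on the router.
# eth0 is an assumed fallback when no interface is passed.
if [ "${APPLY:-0}" = 1 ]; then
    apply_plex_rules "${1:-eth0}"
else
    plex_rules "${1:-eth0}"
fi
```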
 

TCoreX

Regular Contributor
OK thanks :)
Hope this of course and thank you for now :)
 

madfusker

Regular Contributor
I'd also suggest some security by obscurity... I run plex on a nonstandard port externally like 48200, and port forward that to the local machine 32400. If,,, I mean when, there's a vulnerability on plex, I prefer not to get hit by the robots looking at every IP:32400 on the planet.
 

TCoreX

Regular Contributor
no success even with these settings :(

[Attached screenshots: Screenshot_20200121_151400.jpg, Screenshot_20200121_151237_com.android.chrome.jpg]
 

netware5

Very Senior Member
In any case it is not a good idea to open any service to the Internet. Especially if the service is running on the router itself, which plays the role of your most important guardian against external threats.

The golden security standard is: The only port opened to the external world shall be the port on which your OpenVPN server listens.

So my advice is to run OpenVPN server and then access the Plex from outside using the OpenVPN.
 

netware5

Very Senior Member
> I'd also suggest some security by obscurity... I run plex on a nonstandard port externally like 48200, and port forward that to the local machine 32400. If,,, I mean when, there's a vulnerability on plex, I prefer not to get hit by the robots looking at every IP:32400 on the planet.

Security by obscurity is not a valid security measure at all. This is one of the most criticized security concepts. You may wish to read NIST Guide to General Server Security here: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-123.pdf and pay attention to the following quote:

> Open Design — System security should not depend on the secrecy of the implementation or its components.

Moving your service to a non-standard port does not provide additional security. It just helps you to avoid spamming of your syslog by scanning bots and gives you a deceptive calm regarding your security.
 
